squid-1873

Version:

2.6.STABLE7 (fixed in 2.6.STABLE8)

How it is diagnosed (reproduced or source analysis)?

We didn’t reproduce the failure. We relied on source analysis.

Links:

Bug: http://bugs.squid-cache.org/show_bug.cgi?id=1873

Patch: http://www.squid-cache.org/Versions/v2/2.6/changesets/11170.patch

Symptom:

Squid randomly abort during authentication with error message: "unexpected state in AuthenticateNTLMFixErrorHeader".

Root cause:

squid/src/auth/negotiate/auth_negotiate.c

static void authenticateNegotiateFixErrorHeader(...) {

    ...

   negotiate_request = auth_user_request->scheme_data;

   switch (negotiate_request->auth_state) {

   case AUTHENTICATE_STATE_NONE:

   case AUTHENTICATE_STATE_FAILED:

        debug(29, 9) ("authenticateNegotiateFixErrorHeader: Sending type:%d header: 'Negotiate'\n", type);

           ...

        break;

   case AUTHENTICATE_STATE_NEGOTIATE:

        ...

        break;

   case AUTHENTICATE_STATE_FINISHED:

+  case AUTHENTICATE_STATE_DONE:

        ...

        break;

   default:

        debug(29, 0) ("authenticateNegotiateFixErrorHeader: state %d.\n", negotiate_request->auth_state);

      // Failure point. Since they anticipated the

      // ERROR and terminated the execution, they limited the

      // error propagation!

        fatal("unexpected state in AuthenticateNegotiateFixErrorHeader.\n");

   }

}

Is there Error Message?

Yes.

Can Errlog automatically anticipate the error?

Yes. It is the ‘default’ case in switch statement!